Linux Kernel Media Component Vulnerability Affecting Vivid Driver
CVE-2025-38226

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 4 July 2025

What is CVE-2025-38226?

A vulnerability in the Linux kernel's vivid media driver allows a vmalloc-out-of-bounds condition. The issue arises during memory operations in the v4l2-tpg-core.c file, specifically when the composition size exceeds expected limits. This flaw can lead to unexpected behavior and potential system instability. Validation checks are needed to ensure that the composition size does not exceed the fmt_cap_rect size; a composition size larger than fmt_cap_rect could trigger further memory-related issues.
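The check described above, as an added user-space sketch that is not the kernel's code or the upstream fix: a compose rectangle is validated against, or clamped into, the capture format rectangle before a fill routine writes into a buffer sized for that format. The `struct rect` type, the function names and the 1-byte-per-pixel layout are assumptions made for illustration; only `fmt_cap_rect` comes from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical user-space model of a selection rectangle (not the kernel's type). */
struct rect { int32_t left, top; uint32_t width, height; };

/* True when r lies fully inside b; 64-bit sums keep left + width from wrapping. */
bool rect_inside(const struct rect *r, const struct rect *b)
{
    return r->left >= b->left && r->top >= b->top &&
           (int64_t)r->left + r->width <= (int64_t)b->left + b->width &&
           (int64_t)r->top + r->height <= (int64_t)b->top + b->height;
}

/* Shrink, then shift, the compose rectangle c until it fits inside f (fmt_cap_rect). */
void clamp_compose(struct rect *c, const struct rect *f)
{
    int64_t right = (int64_t)f->left + f->width;
    int64_t bottom = (int64_t)f->top + f->height;

    if (c->width > f->width) c->width = f->width;
    if (c->height > f->height) c->height = f->height;
    if (c->left < f->left) c->left = f->left;
    if (c->top < f->top) c->top = f->top;
    if ((int64_t)c->left + c->width > right) c->left = (int32_t)(right - c->width);
    if ((int64_t)c->top + c->height > bottom) c->top = (int32_t)(bottom - c->height);
}

/*
 * Fill the compose area of a 1-byte-per-pixel buffer laid out for f (fmt_cap_rect).
 * Returns the number of bytes written, or -1 when the buffer is too small for f
 * or the compose rectangle is not fully inside f (the out-of-bounds case).
 */
long long fill_compose(uint8_t *buf, size_t len, const struct rect *f,
                       const struct rect *c, uint8_t v)
{
    if ((uint64_t)f->width * f->height > len || !rect_inside(c, f))
        return -1;
    for (uint32_t y = 0; y < c->height; y++) {
        size_t row = (size_t)((int64_t)c->top - f->top) + y;
        size_t col = (size_t)((int64_t)c->left - f->left);
        memset(buf + row * f->width + col, v, c->width);
    }
    return (long long)c->width * c->height;
}
```

Rejecting the request and clamping it are both shown because a driver can either return an error for an oversized compose rectangle or adjust it to the nearest valid one; in both cases the fill routine never receives a rectangle larger than the buffer it writes into.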

Affected Version(s)

Linux f9d19f3a044ca651b0be52a4bf951ffe74259b9f < 635cea4f44c1ddae208666772c164eab5a6bce39

Linux ab54081a2843aefb837812fac5488cc8f1696142 < 89b5ab822bf69867c3951dd0eb34b0314c38966b

Linux 2f558c5208b0f70c8140e08ce09fcc84da48e789 < 5d89aa42534723400fefd46e26e053b9c382b4ee
